Date:      Wed, 31 Mar 2004 16:27:52 -0500
From:      Daren Desjardins <desjardins@canada.com>
To:        David.E.Tweten@nasa.gov
Cc:        freebsd-stable@freebsd.org
Subject:   Re: SSH issues with 4.9 stable (key_verify failed for  server_host_key)
Message-ID:  <1080768472.43045.31.camel@lithium.stabilia.com>
In-Reply-To: <3268.1080767681@gilmore.nas.nasa.gov>
References:  <3268.1080767681@gilmore.nas.nasa.gov>


> >... the base system seems to force a DSA host key authentication, whereas the
> >port and openssh release use RSA ...
> 
> Why do you care?  Give your machine all three kinds of machine key 
> (protocol 1.5, protocol 2.0 RSA, and protocol 2.0 DSA).  If you want to 
> use public key authentication, give yourself all three types of personal 
> key too.  That way, you are prepared for whatever slight misconfiguration 
> there may be at the other end of your attempted connection.

It's not that I care; I am just trying to point out anything I can that
could indicate the cause of the problem.


I tried using your config files, and the result is included below.


OpenSSH_3.5p1 FreeBSD-20030924, SSH protocols 1.5/2.0, OpenSSL 0x0090703f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: ssh_connect: needpriv 1
debug1: Connecting to daren.ca [3ffe:b80:19a3:1::1] port 22.
debug1: Allocated local port 1016.
debug1: connect to address 3ffe:b80:19a3:1::1 port 22: No route to host
debug1: Connecting to daren.ca [65.49.123.132] port 22.
debug1: Allocated local port 1015.
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.5p1 FreeBSD-20030924
debug1: match: OpenSSH_3.5p1 FreeBSD-20030924 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.5p1 ssh_config $Revision: 1.1.1.1 $
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client arcfour hmac-md5 none
debug1: kex: client->server arcfour hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 111/256
debug1: bits set: 1605/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
No DSA host key is known for daren.ca and you have requested strict checking.
Host key verification failed.
debug1: Calling cleanup 0x804c158(0x0)
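
Added example, not part of the original message or of OpenSSH: a small Python check that reads an `ssh -v` transcript like the one above, extracts the host key type the client reported as missing under strict checking, and lists which key types a known_hosts file already records for that host. The known_hosts sample is constructed (placeholder key blob); only plain and `|1|` hashed host fields and `ssh-` key types are handled, which is an assumption of this sketch.

```python
import base64, hashlib, hmac, re

# The client message names the key type; known_hosts uses the wire name.
WIRE_NAME = {"DSA": "ssh-dss", "RSA": "ssh-rsa"}
MISSING = re.compile(
    r"No (\w+) host key is known for (\S+) and you have requested strict checking")

def host_matches(field, host):
    """True if a known_hosts host field (plain list or |1| hashed) names host."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        salt = base64.b64decode(salt_b64)
        mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")

def known_key_types(known_hosts, host):
    """Protocol 2 key types recorded for host; skips comments and @marker lines."""
    types = set()
    for line in known_hosts.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue
        if parts[1].startswith("ssh-") and host_matches(parts[0], host):
            types.add(parts[1])
    return types

def diagnose(debug_log, known_hosts):
    """Return (host, missing_type, known_types), or None if no strict-check failure."""
    m = MISSING.search(" ".join(debug_log.split()))  # undo mail line wrapping
    if not m:
        return None
    kind, host = m.groups()
    return host, WIRE_NAME.get(kind, kind), known_key_types(known_hosts, host)

# Log lines taken from the transcript above, wrapped as a mail client would.
SAMPLE_LOG = """debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
No DSA host key is known for daren.ca and you have requested strict
checking.
Host key verification failed."""
# Constructed known_hosts: only an RSA entry; the key blob is a placeholder.
SAMPLE_KNOWN_HOSTS = "daren.ca,65.49.123.132 ssh-rsa AAAAB3PLACEHOLDER\n"

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, SAMPLE_KNOWN_HOSTS))
```

A result whose missing type is absent from the known types means the client holds a key of a different type for that host than the one the server presented, so strict checking refuses the connection rather than accepting an unverified key.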